U.S. Judge Rules NSO Group Is Liable for Spyware Delivered via WhatsApp ⇥ therecord.media

Suzanne Smalley, the Record:

The developer of the powerful Pegasus spyware was found liable on Friday for its role in the infection of devices belonging to 1,400 WhatsApp users.

The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used, and often abused, by a roster of anonymous government clients worldwide.

Apple dropped its similar suit against NSO Group in September on the grounds it believed it would be unable to compel the production of evidence. But the judge in WhatsApp’s case, Phyllis J. Hamilton, was correctly furious (PDF) about NSO Group’s behaviour:

Overall, the court concludes that defendants have repeatedly failed to produce relevant discovery and failed to obey court orders regarding such discovery. Most significant is the Pegasus source code, and defendants’ position that their production obligations were limited to only the code on the AWS server is a position that the court cannot see as reasonable given the history and context of the case. Moreover, defendants’ limitation of its production such that it is viewable only by Israeli citizens present in Israel is simply impracticable for a lawsuit that is to be litigated in this district.

Accordingly, the court concludes that plaintiffs’ motion for sanctions must be GRANTED. […]

I am not a lawyer, and it seems Apple’s — presumably, very expensive — representation had good reason to worry about this case. But I wish they would have pursued it. It would have been nice to see NSO Group on the receiving end of two of these rulings instead of just one.